photo_012.jpg-www.facebook.exe

GeoTrans

The executable photo_012.jpg-www.facebook.exe has been detected as malware by 31 of 68 anti-virus scanners. Its version resource describes it as a setup program for an application called GeoTrans, but according to the detections it is a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from a compromised computer and sends it to criminals through a command-and-control server. The file name pairs an image extension (.jpg) with a trailing .exe so that it passes as a photo, and the common path below places it in Internet Explorer's cache, consistent with the file having been fetched from a web page. The file has been seen being downloaded from incitemarketing.ca.
Product:
GeoTrans

Description:
GeoTrans

Version:
1, 0, 0, 1

MD5:
baccb6262bd92436c5267b374179cc0a

SHA-1:
c999459727faa14a1059de97f4d4804458c09d35

SHA-256:
d75456e1bd7815a10b2ca3d0fbf50c69a0782818248fd65144cc7a7718432892

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
5/5/2024 12:57:44 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1632443 | 1026
Agnitum Outpost | Trojan.Inject | 7.1.1
AhnLab V3 Security | Trojan/Win32.Ransomlock | 14.04.14
Avira AntiVirus | TR/Crypt.Xpack.35808 | 7.11.142.180
avast! | Win32:Napolar-AY [Trj] | 2014.9-140414
AVG | Inject2 | 2015.0.3504
Baidu Antivirus | Hacktool.Win32.CeeInject | 4.0.3.14414
Bitdefender | Trojan.GenericKD.1632443 | 1.0.20.520
Bkav FE | W32.ArtemisTorsolar.Trojan | 1.3.0.4959
Dr.Web | Trojan.DownLoader11.3994 | 9.0.1.0104
Emsisoft Anti-Malware | Trojan.GenericKD.1632443 | 8.14.04.14.02
ESET NOD32 | Win32/Injector.BBNB (variant) | 8.9664
Fortinet FortiGate | W32/Zbot.AGV!tr.dldr | 4/14/2014
F-Secure | Trojan.GenericKD.1632443 | 11.2014-14-04_2
G Data | Trojan.GenericKD.1632443 | 14.4.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.176.11721
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.4017
Malwarebytes | Trojan.Agent.ED | v2014.04.14.02
McAfee | Downloader-FYH!BACCB6262BD9 | 5600.7160
Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!KK | 1.10401
MicroWorld eScan | Trojan.GenericKD.1632443 | 15.0.0.312
Norman | Troj_Generic.TICER | 11.20140414
nProtect | Trojan.GenericKD.1632443 | 14.04.11.01
Panda Antivirus | Trj/dtcontx.L | 14.04.14.02
Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1015
Reason Heuristics | Unnamed.Threat.23 | 14.4.14.14
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.28D914 | 7.2.104
Trend Micro | TROJ_SPNR.28D914 | 10.465.14
VIPRE Antivirus | Trojan.Win32.Generic | 28194

File size:
167.4 KB (171,368 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
GeoTrans.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\photo_012.jpg-www.facebook.exe

File PE Metadata
Compilation timestamp:
3/28/2014 8:33:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.0

CTPH (ssdeep):
3072:/KvKWy0OL4fWYEQBQyos2SUOKwhZqqijEr7U+VUTg7I9ukzNQdaWhWrMGT:Ci7LmBEQV92psijCpUT4Fjh4T

Entry address:
0x46A4

Entry point:
55, 8B, EC, 6A, FF, 68, 98, 60, 40, 00, 68, 2E, 48, 40, 00, 64, A1, 90, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 2C, 54, 40, 00, 59, 83, 0D, 48, 74, 40, 00, FF, 83, 0D, 4C, 74, 40, 00, FF, FF, 15, 70, 54, 40, 00, 8B, 0D, 3C, 74, 40, 00, 89, 08, FF, 15, 38, 54, 40, 00, 8B, 0D, 38, 74, 40, 00, 89, 08, A1, 3C, 54, 40, 00, 8B, 00, A3, 44, 74, 40, 00, E8, 19, 01, 00, 00, 39, 1D, 58, 72, 40, 00, 75, 0C, 68, 06, 27, 40, 00, FF, 15, 40, 54...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)
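The following triage script is an added example and is not Reason Core Security's code. It shows how an analyst would check a file against the indicators on this page without third-party libraries: it compares all three digests listed above (an MD5 hit alone is not treated as identity), flags the image-extension-plus-.exe naming trick used by this sample, and reads the COFF and PE32 optional header fields the page reports (compile timestamp, entry point RVA, code size, linker and OS versions, subsystem). Because the real binary cannot be embedded here, the block builds a constructed minimal PE header carrying the page's reported values so the parser can be exercised offline; the page does not state the time zone of the compile timestamp, so UTC is assumed.

```python
"""Triage helper for the sample on this page (added example, not Reason Core
Security's code): hash comparison, double-extension check and a minimal PE
header reader using only the Python standard library."""
import hashlib
import re
import struct
from datetime import datetime, timezone

# Indicators copied from this page.
KNOWN_HASHES = {
    "md5": "baccb6262bd92436c5267b374179cc0a",
    "sha1": "c999459727faa14a1059de97f4d4804458c09d35",
    "sha256": "d75456e1bd7815a10b2ca3d0fbf50c69a0782818248fd65144cc7a7718432892",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hash_bytes(data: bytes) -> dict:
    """Hex digests of a file's contents with the three algorithms the page lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """All three digests must agree; a lone MD5 match is not proof of identity."""
    digests = hash_bytes(data)
    return all(digests[alg] == value for alg, value in KNOWN_HASHES.items())


# An image/document extension, anything that is not a path separator, then an
# executable extension: "photo_012.jpg-www.facebook.exe", "invoice.pdf.scr".
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|pdf|docx?)\b[^\\/]*\.(exe|scr|com|pif)$", re.I)


def has_double_extension(name: str) -> bool:
    return bool(DOUBLE_EXT.search(name))


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header and the PE32 optional header fields reported on the page."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    _machine, _nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF header is 20 bytes; optional header follows
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]        # Subsystem
    return {
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "code_size": code_size,
        "linker": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_constructed_header() -> bytes:
    """Constructed stand-in, not the real sample: a minimal PE32 header carrying the
    field values this page reports. Compile time is assumed to be UTC."""
    ts = int(datetime(2014, 3, 28, 20, 33, 39, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)  # i386, 3 sections, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 0, 16384)            # PE32, linker 2.0, code size
    struct.pack_into("<I", opt, 16, 0x46A4)                          # entry point RVA
    struct.pack_into("<HH", opt, 40, 4, 0)                           # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(name: str, data: bytes) -> dict:
    """Combine the checks into the findings an analyst would record for one file."""
    findings = {
        "known_sample": matches_known_sample(data),
        "double_extension": has_double_extension(name),
    }
    try:
        findings["pe"] = parse_pe_header(data)
    except ValueError as exc:
        findings["pe"] = {"error": str(exc)}
    return findings


if __name__ == "__main__":
    print(triage("photo_012.jpg-www.facebook.exe", build_constructed_header()))
```

On a real file, replace the constructed header with the file's bytes (`open(path, "rb").read()`); a true hit on this sample returns `known_sample: True` together with the entry RVA 0x46A4 and linker version 2.0 shown above. Note that the entry point bytes listed on the page are a generic Visual C++ CRT prologue shared by many benign programs, so they should not be used on their own as a signature.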

The file photo_012.jpg-www.facebook.exe has been seen being distributed from the domain incitemarketing.ca.

Remove photo_012.jpg-www.facebook.exe - Powered by Reason Core Security